From owner-freebsd-questions@FreeBSD.ORG Mon Jul 30 11:13:42 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2B19C16A4C1 for ; Mon, 30 Jul 2007 11:13:42 +0000 (UTC) (envelope-from tevans.uk@googlemail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.168]) by mx1.freebsd.org (Postfix) with ESMTP id D6E1C13C4F6 for ; Mon, 30 Jul 2007 11:13:39 +0000 (UTC) (envelope-from tevans.uk@googlemail.com) Received: by ug-out-1314.google.com with SMTP id o4so1197006uge for ; Mon, 30 Jul 2007 04:13:37 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=googlemail.com; s=beta; h=domainkey-signature:received:received:subject:from:to:cc:in-reply-to:references:content-type:date:message-id:mime-version:x-mailer; b=hi2tM0TOXnyEGjkE4jxmRhaoM/Lzpmdm7SFUklEImR+KvLhTFlT5YwMz0/0pYtgGpNdoeKZObOD/r2A0G/MFvZZ37sjs65S/6H6isgn3xMrMnFH1Gq/zisOOlaTJcjxtm3Ne84keqrLBykTPRxtaTXyodUNBBaqouXgrOsAP4ME= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=beta; h=received:subject:from:to:cc:in-reply-to:references:content-type:date:message-id:mime-version:x-mailer; b=rOQgzHQ0fKKQYFk+sM/ZSHPcXJIFdlgMclcYQEpi0Q76fmAtBHcgttUxstivbwWassaO6jgwgLsLSp5Mk0pRYLcYt8MxTJUeyK+TYs9B+ZnStBN3Ak+1PkbYGLB24D+ympZTvqztridoyoWg7QUjbUdrH5KYLQ+zIFa570ZSwuE= Received: by 10.86.54.3 with SMTP id c3mr3839766fga.1185794017172; Mon, 30 Jul 2007 04:13:37 -0700 (PDT) Received: from ?127.0.0.1? ( [217.206.187.79]) by mx.google.com with ESMTPS id k9sm12350041nfh.2007.07.30.04.13.35 (version=SSLv3 cipher=RC4-MD5); Mon, 30 Jul 2007 04:13:36 -0700 (PDT) From: Tom Evans To: Ian Lord In-Reply-To: <050b01c7ce16$960a0570$6400a8c0@msdi.local> References: <050b01c7ce16$960a0570$6400a8c0@msdi.local> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-42E5JTuc+Sao1qckpi9r" Date: Mon, 30 Jul 2007 12:13:34 +0100 Message-Id: <1185794014.1444.7.camel@localhost> Mime-Version: 1.0 X-Mailer: Evolution 2.10.2 FreeBSD GNOME Team Port Cc: freebsd-questions@freebsd.org Subject: Re: Root access loggin X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jul 2007 11:13:42 -0000 --=-42E5JTuc+Sao1qckpi9r Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Tue, 2007-07-24 at 13:18 -0400, Ian Lord wrote: > Hi, >=20 > =20 >=20 > A Zend technician asked me to have a root access on one of my box to > troubleshoot something wrong in Zend Platform installation that doesn't w= ork > on Freebsd. >=20 > =20 >=20 > He will need root access naturally to install and debug remotely. >=20 > =20 >=20 > Is there a way to log all the commands he will type and send them in a > logfile ? >=20 > =20 >=20 > Or is there a better solution than granting him root access from ssh ? >=20 > =20 >=20 > Thanks >=20 > =20 sudosh (sudo shell) is an idea here. It gives them a root shell they can do anything in, but everything is logged. It can even play back the logs at any speed up you like (I like to watch.) This seems great in principle, but of course, you just gave them a root shell, and so they can delete their log file easily enough... --=-42E5JTuc+Sao1qckpi9r Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQBGrcfblcRvFfyds/cRAm45AKCx2IeuGyFgZQWcg7kBP8mx/PFrQACgiJe4 1KBWKg9z+kzlHbId56/vF4k= =q/D9 -----END PGP SIGNATURE----- --=-42E5JTuc+Sao1qckpi9r--